Re: [Apn] Questions about draft-li-6man-app-aware-ipv6-network-02

Lizhenbin <> Thu, 08 October 2020 08:27 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AB3BB3A0E8A; Thu, 8 Oct 2020 01:27:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id jaIJcwgTcX-V; Thu, 8 Oct 2020 01:27:57 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2CAEC3A0E88; Thu, 8 Oct 2020 01:27:56 -0700 (PDT)
Received: from (unknown []) by Forcepoint Email with ESMTP id 568034AFFACE5B70C7B1; Thu, 8 Oct 2020 09:27:51 +0100 (IST)
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1913.5; Thu, 8 Oct 2020 09:27:50 +0100
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256) id 15.1.1913.5 via Frontend Transport; Thu, 8 Oct 2020 09:27:50 +0100
Received: from ([]) by ([]) with mapi id 14.03.0487.000; Thu, 8 Oct 2020 16:27:46 +0800
From: Lizhenbin <>
To: "Eric Vyncke (evyncke)" <>, Linda Dunbar <>, IPv6 List <>, "" <>
CC: "" <>
Thread-Topic: Questions about draft-li-6man-app-aware-ipv6-network-02
Thread-Index: AdaTZqEn8gTX6C5CTS2Ceg4YlCkN3QCT/e9QACRuswABv4EisA==
Date: Thu, 8 Oct 2020 08:27:46 +0000
Message-ID: <>
References: <> <> <>
In-Reply-To: <>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_5A5B4DE12C0DAC44AF501CD9A2B01A8D938A4E23DGGEMM532MBXchi_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <>
Subject: Re: [Apn] Questions about draft-li-6man-app-aware-ipv6-network-02
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Application-aware Networking <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 08 Oct 2020 08:28:00 -0000

Hi Eric,
Sorry for the delayed reply because we are having an 8-day holiday. Please refer to my reply inline.

Best Regards,

From: Eric Vyncke (evyncke) []
Sent: Tuesday, September 29, 2020 4:07 PM
To: Lizhenbin <>om>; Linda Dunbar <>om>; IPv6 List <>rg>;
Subject: Re: Questions about draft-li-6man-app-aware-ipv6-network-02


About Linda’s interesting questions about APN, I also wonder why using VLAN tagging as this tag will be lost quickly after a couple of hops while the IPv6 prefix will be kept (this is what DT Terastream did if not mistaken).
[Robin] The VLAN tagging will truly be lost after a couple of hops. This is why we call it is used in the limited domains. In fact the VLAN tagged packet may traverse the metro network where L2VPN/EVPN + MPLS/SR are used before it arrives at the BRAS device. After the VLAN tagged packet are used for accounting at the BRAS, the packet whose VLAN tagging is removed maybe enter the IP core network where L3VPN + MPLS/SR are used for the transport. In the process, the packet will traverse a trusted domain under the control of one carrier. And it is possible that the user and service identification information represented by the VLAN tagging can be mapped to the possible MPLS encapsulated information or IPv6 encapsulated information if SRv6 is used as the transport tunnel for the purpose of fine-granularity services. This is an example that the user/service information can be acquired at the edge of network without interfering the original user packet though the information is not as accurate as that could be carried by the original packet.

Else, I agree with you that Flow-Id should not be used as it is assumed to be opaque.

Still puzzled though about the ‘user’ information as if the traffic is encrypted it is also often to hide the user identity.
[Robin] The above example show how to get the ‘user’ information (VLAN tagging) and how to use the ‘user’ information (in the limited domains). The information will be lost after traversing the limited domains. If still hope to use the user information, the only possibility is the possible user information encrypted. It is another problem beyond the scope of APN and face much challenges of security, privacy, etc.
In order to explain the issue clearly, I will try use another method. In fact the packet traverse the network can adopt the form of ‘X in Y’ where Y is the original packet and X is the outer encapsulation. You mentioned the user information in X. In fact, the outer encapsulation Y (here VLAN tagging is the example of Y) can also provide some user information besides the original user information in X. In the limited domains, the ‘X in Y’ can be changed to ‘X in Y in Z’ (IP in VLAN in MPLS/SRv6) or ‘X in Z’ (IP in MPLS/SRv6) where Y (VLAN tagging) is mapped to Z (MPLS/SRv6). APN work focuses on the user information in the ‘X in Y’, ‘X in Y in Z’ and ‘X in Z’. There is other work, especially in the APP/TSV area, which focuses directly on the user information in X.  They seems similar, but are different in essence.



From: ipv6 <<>> on behalf of Lizhenbin <<>>
Date: Monday, 28 September 2020 at 19:33
To: Linda Dunbar <<>>, IPv6 List <<>>, "<>" <<>>
Cc: "<>" <<>>
Subject: RE: Questions about draft-li-6man-app-aware-ipv6-network-02

Hi Linda,
Please refer to my reply inline. APN mailing list is copied.

Best Regards,
Zhenbin (Robin)

From: Linda Dunbar []
Sent: Saturday, September 26, 2020 2:23 AM
To: IPv6 List <<>>;<>
Subject: Questions about draft-li-6man-app-aware-ipv6-network-02

Zhenbin, et al,

I have some questions on the draft-li-6man-app-aware-ipv6-network-02:

Page 5: App-aware Edge Device: This network device receives packets from IPv6 enabled applications and obtains the application characteristic information.

I am curious how does App-aware Edge Device derives the application characteristics information ?  Your draft mentioned VLAN tagging, How VLAN tagging can provide Application characteristics information?
[Robin] There are different ways for VLAN tagging to provide application characteristics information. Here I propose one example: the user hosts/apps can connect to the home gateway which can add different VLANs called S-VLAN to identify the different services. For example VLAN1 is used for Internet service and VLAN2 is used for IPTV service. The home gateway will connect to the DSLAM on which the VLAN call C-VLAN will be added to identify the home user. So when the IP-based edge network device receives the packet, it can derive the user ID and service type information from the VLAN tagging. We have explained that the APN work focuses on the limited domains rather than open Internet. The VLAN tagging shows that there is similar practice in the access network.

Page 6: Is the Application-aware ID another extension field? Or part of existing extension header? Like a subTLV within the Hop-by-hop options Header Type?
[Robin] Application-aware ID is an option which can be used in DOH/HBH/SRH. It is part of existing extension headers. It can be seen as a type of TLV.

Questions about the  Application-Aware ID structure in Figure 4:
Why not use IPv6 Header “Priority/Traffic class” field to represent the SLA Level?
[Robin] The design is to take integrity into account. That is, all the information can be obtained from the single Application-aware ID. Traditionally we can get different parts’ information to compose some type of tuple. The process has effect on the forwarding performance and the scalability of forwarding entries.

Can you use IPv6 Header’s “Flow Label” field to represent the App ID and Flow ID?
[Robin] Integrity is the same reason for the problem. In addition “flow label” will be used for ECMP. Reusing it may cause the compatibility issue.

How can network acquire the information about “USER” information? I would think most applications encrypt their user information.
[Robin] The above example shows that C-VLAN can be used to acquire USER information. Though the application may encrypt their user information, not only APN needs the USER information, but also the carriers need to learn the USER information for accounting to get revenue. There already exists the possible way to solve the issue.

What kind of functions do you envision to be listed in the Figure 6’s Function ID?
[Robin] Figure 6 is to reuse the SRv6 SID. The function ID means just the functions supported by the existing SRv6. The Application-aware ID is put into the arguments of the SRv6 SID. The function ID part will not have effect on the Application-aware ID.

[Robin] Thanks for your comments and questions. Now the draft is in the early phase. The usage of the Application-aware ID option can be further discussed.

Thank you very much.

Linda Dunbar